PSA: Think twice before using a smartphone charging kiosk

This site may earn affiliate commissions from the links on this page. Terms of use.

The smartphone charging kiosk is a welcome addition to many airports and public areas, especially if it means you don’t have to carry around a bulky extended battery case. Some clever hackers have discovered that these kiosks can be easily used to do more harm than good if users are not careful.

Every year there’s at least one story that comes out of the DefCon conference that makes you second guess something in your life that you would otherwise view as harmless. Many of the attendees focus on locating security exploits in areas that people wouldn’t consider for this very reason, as the best exploit is one that no one expects. Smartphone charging stations offer you a nondescript cable with the other side tucked away in a box — few people know what the other side of that cable is connected to, with the innocent assumption being that it is just a power source. Unfortunately, it doesn’t take much for it to be something more.

The experiment conducted at DefCon was simple: when there was nothing connected to the kiosk, the screen on the station offered free power to anyone in need. When a device was connected to the kiosk, and the computer connected to the kiosk could access the phone, a red warning screen flashed and educated users on the possibly damage that could be done in this situation.

What sort of damage? Once you have a direct connection to a smartphone, someone with malicious intent could extract all of the data from it or even write malware directly to OS. Even when the phone is set to charge only, an option available in many Android phones, the computer in the kiosk could still access information.

If you find yourself in need of a charging station, the team behind this experiment found that most phones don’t give up information when the phone is powered off. Otherwise, unless you are sure the kiosk is safe, the team recommends using the cable that was included with the smartphone.